logo Home

Untitled Document

Home > Archives Advisories > Articles

Untitled Document

Untitled Document

paFileDB 3.x SQL Injection Vulnerability
Date: 2003-03-24

Author : flur <flur@flurnet.org>

Flurnet Security
paFileDB by todd@phparena.net
PHP Arena http://www.phparena.net

Tested on:
paFileDB 3.0 Final
paFileDB 3.0 Beta 3.1
paFileDB 3.1 Final


paFileDB is a file management script that supports user file rating. It
uses an SQL database backend. Multiple vulnerabilities exist due to the
lack of checked input variables. The following exploits exist:
- Modified 'id' tag allows users to submit unlimited ratings.
- Hand-edited 'rating' tag allows users to submit ratings above 10 or
below 0.
- Both tags do not check for escape characters and will allow SQL injection.

Proof-Of-Concept Exploits:

Replace [RANDOM] with a random short string and the script will not be stop
you from voting as many times as you like.

Submit file rating of 1000 out of 10. Drive rate up. Conversely, -1000
would have the opposite effect driving the rating down.

SQL Injection vulnerability (exploit code not included)

Script authors have been notified.


arrowSearch Advisories


Free weekly Newsletter.

Please enter your email address here:
arrowReport Vulnerability

If you've found a vulnerability please
click here to report it.


About Us | Contact Us | Advertise | email | Backend flag
Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy